Monitoring through new technologies and personal data security and rights are the two main areas of supervisory focus for the Danish Data Protection Authority (Datatilsynet – DPA) in 2026.
New technologies such as AI have been on the DPA’s radar for years, and the authority was already looking into AI in the healthcare sector last year. However, this year, it will focus more on monitoring, and AI in devices and in care, in areas such as:
- AI for monitoring and controlling individuals under care;
- measuring and monitoring devices for patient care at home, such as medical devices, cameras, and sensors; and
- websites tracking citizens.
It will also continue to supervise how employees are monitored, and in particular how personal data is processed in such monitoring.
The DPA says the increasing use of AI in both public and private care sectors brings many opportunities, but it can also create risks around data protection. The authority has already been receiving more and more reports about data breaches stemming from unauthorized access to devices, systems and/or networks connected to such implementations.
“To strengthen both awareness of the rules and compliance with the rules themselves, Datatilsynet will carry out inspections in 2026 with a focus on the use of internet-connected measuring instruments and monitoring devices in patient treatment at home,” the authority said.
Data subjects’ rights
The DPA will continue its earlier work to investigate personal data security, and data subjects’ rights, including areas around:
- safe use of autocomplete;
- supervision of large data processors; and
- data subjects’ right to transparency and information.
There will be continuing focus on how personal data is processed in pan-European information systems, and the supervision of processing PNR (Passenger Name Record) data.
The supervisory work will include events such as:
- providing guidance and advice;
- handling complaints;
- international cooperation; and
- targeted supervision of authorities and companies.